formbook

General

Target

SecuriteInfo.com.Win64.PWSX-gen.12604.14984.exe
Size

445KB
Sample

221130-y97ltsce34
MD5

e263de8f3ae2be138b63fcb2495512c9
SHA1

d2d02ff2d91e8991f37a2a721617c076467c7e27
SHA256

3e78df55b6fae63e9199c141df9aaa3c3ad937a654cf876406f74593385a9d5d
SHA512

bddf900dc7a55335afd4bbc62c82a19af0b6d1459007b3b9844d13442ab3ebbf9eb2a7f8b979f88aac5825b0d9a508a89d8c8ca07715dbd27e39b03745a3cc75
SSDEEP

12288:XouvLcC4YGInvPc0kPwnne5oa1czjH3SmYz5vcDXAhPO:XouzcC4GPc0yMnyoFItvcDwhP

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

- Target
  
  SecuriteInfo.com.Win64.PWSX-gen.12604.14984.exe
- Size
  
  445KB
- MD5
  
  e263de8f3ae2be138b63fcb2495512c9
- SHA1
  
  d2d02ff2d91e8991f37a2a721617c076467c7e27
- SHA256
  
  3e78df55b6fae63e9199c141df9aaa3c3ad937a654cf876406f74593385a9d5d
- SHA512
  
  bddf900dc7a55335afd4bbc62c82a19af0b6d1459007b3b9844d13442ab3ebbf9eb2a7f8b979f88aac5825b0d9a508a89d8c8ca07715dbd27e39b03745a3cc75
- SSDEEP
  
  12288:XouvLcC4YGInvPc0kPwnne5oa1czjH3SmYz5vcDXAhPO:XouzcC4GPc0yMnyoFItvcDwhP
Score

10^/10

formbook t5ez rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2